[mod_openssl] adjust use of ssl.ca-dn-file

ssl.ca-dn-file is used to send list of valid CA DNs to client for client
cert verification.  If ssl.ca-dn-file is not specified, then the CAs in
ssl.ca-file are used.

client certs are validated against the set of certs from both
ssl.ca-dn-file and ssl.ca-file, but issuer of cert provided by
client must be in ssl.ca-dn-file if ssl.ca-dn-file is specified.

(certs should not need to be in to both ssl.ca-file and ssl.ca-dn-file)

(thx m4t)

0 files changed, 0 insertions, 0 deletions